Good... Are you just kidding or what???

This is a severe exploit! I tried it and also managed to make it run from a cgi script!?! That means someone who has an account on the machine can gain root privileges whenever he wants. Then a cgi using sushi may be like #!/.sushi /usr/bin/perl. Do you understand this?

Now, it is NOT possible to do only like it's said in the header of the script. Turning off suid privileges on /usr/lib/authenticate means apache won't be able to authenticate users anymore. So, you won't be able to access admin console.

Doesn't this mean there is a huge problem now and that Sun should quickly propose a relevant security patch for apache? (and if they could provide an official patch for openssl too...)

Sincerely yours.

On Sunday 22 September 2002 22:42, Brett Wright wrote:
> At 01:34 20/09/02, you wrote:
> > > -----Original Message-----
> > > From: Sean Chester [mailto:[EMAIL PROTECTED]]
> > > Sent: 19 September 2002 10:21
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [cobalt-security] Local Root exploit
> > >
> > > > -----Original Message-----
> > > > Subject: Re: [cobalt-security] Local Root exploit
> > > > Not sure if this has been posted here yet, but I tried it
> > > > on a raq4
> > > > and it worked.
> > > >
> > > > http://www.securiteam.com/exploits/5MP0R0A80K.html
> >
> > I ran this, it does give me a root shell.
> >
> > Do I need to clean up after running this?
> > Any files need deleting to get me back to how I was?
>
> Code on http://www.securiteam.com is normally quite good, then again you
> never know, just patch the server as it states at the start of the script,
> and do not let anyone you do not trust to have shell access to the server.
>
> The only thing I found was this
>
> main() { system("cp $tempdir/core/sushi /.sushi ; chmod 6777 /.sushi"); }
>
> remove or chmod the file .sushi in the /
>
> Then again I have done this on a test RAQ4 on an internal network, it's not a
> good idea to run these types of scripts on a 'real' working machine.
>
> >_______________________________________________
> >cobalt-security mailing list
> >[EMAIL PROTECTED]
> >http://list.cobalt.com/mailman/listinfo/cobalt-security

-- 
Rene Luria <[EMAIL PROTECTED]>
Unix Administrator - Infomaniak Network SA
PGP key DFE5C340 at keyserver.pgp.com
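
Added example, not part of the original thread or of the posted script: a cleanup audit for the leftover described above, a root-level copy such as /.sushi left with mode 6777 (setuid, setgid and world-writable). The function names are hypothetical, and the script assumes a POSIX sh and find and that it is run as root against "/".

```shell
#!/bin/sh
# Added example, not from the thread: audit for leftovers like /.sushi.

# list_suspect_suid ROOT
# Print regular files under ROOT (staying on one filesystem) that carry the
# setuid or setgid bit and are also world-writable, e.g. mode 6777.
list_suspect_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -perm -0002 -print 2>/dev/null
}

# report_suspect_suid ROOT
# Same search, with owner and mode shown for each hit. Returns 1 if any
# suspect file was found, 0 if the tree is clean.
report_suspect_suid() {
    hits=$(list_suspect_suid "$1")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | while IFS= read -r f; do
        ls -ld "$f"
    done
    return 1
}

# neutralise FILE
# The "chmod" option from the thread: drop setuid/setgid and world-write
# so the file can be kept for inspection without staying dangerous.
neutralise() {
    chmod u-s,g-s,o-w "$1"
}

# Audit the path given on the command line (assumption: run as root on "/").
if [ "$#" -gt 0 ]; then
    report_suspect_suid "$1"
fi
```

Called with a path, the script exits non-zero when it finds a match, so it can be run from cron after patching to confirm nothing like /.sushi remains.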
